Coverity Prevent / Coverity Thread Analyzer

Coverity's flagship product offering is Coverity Prevent, a source code analysis platform targeted to development shops and enterprise IT development departments. Coverity Prevent analyzes source code at compile time, identifying potential code defects, security vulnerabilities, and concurrency issues in the code and providing tools that enable developers to rectify the code issues discovered. The application provides an interface within which the full path to each discovered defect is displayed, source code is displayed (cross-referenced and linked by uses and definitions), and critical attributes of the defect are inlined within the source code.

Flavors of Coverity Prevent are available for use in both C/C++ and Java environments. Platforms supported for C/C++ developers include Windows, Linux, Mac OS X, Solaris, HP-UX and more, with supported compilers including G++, GCC, MS Visual Studio, and Sun C/C++, to name just a few. The vendor states that support for other ANSI C compatible compilers is available on request. Supported Java environments include Windows, Solaris, Mac OS X, and Linux with JDK 1.4+.

In brief, Coverity Prevent's methodology is to first generate a "Software DNA" mapping of the application and then apply a series of individual analysis engines against the DNA mapping, with the goal of thoroughly understanding the application's functionality. The DNA mapping is created via a monitoring layer that operates between the build and operating systems and intercepts all compiler calls (C/C++), or via source code scanning (Java). Analysis engines applied to the resulting DNA map include the Path Flow Engine (graphs control flows through functions), the Statistical Engine (responsible for the analysis of the behavioral characteristics of the code base as a whole), and the False Path Engine (solving of branch conditions on the current path), to name a few.

The Boolean Satisfiability (SAT) engine, in particular, seeks to translate software operations into boolean operators and values to determine whether each formula is in fact "satisfiable," i.e. whether any combination of possible true/false variables within the formula will result in the overall formula being "true." On top of these analysis engines the vendor offers a series of modules dedicated to the identification of defects in three main categories: "Crash Causing Defects" (memory errors, logic errors, pointer errors, etc.), "Security Vulnerabilities," and "Concurrency Defects." Additionally, "solvers" designed for use specifically with the SAT engine include the False Path Pruning Solver, which determines whether the path to an identified defect is indeed feasible and therefore enables the product to reject those defects which are infeasible (in an attempt to reduce false-positive reports). Note that not all analysis engines and modules may be available for both the C/C++ and Java flavors of the product; visit the vendor's site for further details.

Other products from the vendor include Coverity Extend, which is a complementary module to Coverity Prevent C/C++ that provides the ability to define/create custom checks to look for organization-specific code violations; and the new Coverity Thread Analyzer for Java, a standalone product for Windows (XP/Server 2003), Linux, Solaris, or Mac OS X w/JDK 1.5 that observes Java code as it is executed, with the specific goal of identifying race conditions or deadlocks. Coverity Thread Analyzer for Java can be used in combination with Coverity Prevent.

Coverity Prevent, Coverity Extend, and Coverity Thread Analyzer for Java are available now. Base pricing for Prevent is $30,000, with Extend priced at 10% of the Prevent license. Base pricing for Thread Analyzer is $20,000. Contact Coverity for further information.